algorand-x402-typescript

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's client wrappers (wrapFetchWithPayment / wrapAxiosWithPayment) and related documentation (create-typescript-x402-client.md and the client-reference) describe making HTTP requests to arbitrary external URLs and parsing 402 PaymentRequired responses (including discovery extensions) from those servers and then using that data to select schemes, build/sign payment transactions, and retry requests, so untrusted third‑party responses can materially influence agent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a payments SDK for Algorand: it includes AVM/core libraries, signer interfaces (ClientAvmSigner, FacilitatorAvmSigner), transaction builders, facilitator services that "verify and settle Algorand payments on-chain", and client/server helpers that "automatically handle 402 payments" and construct/sign transactions. These are specific blockchain payment primitives (wallet signers, on-chain settlement, transaction groups), i.e. tools whose primary purpose is to send/settle crypto payments. This meets the criteria for Direct Financial Execution.